Developed on Hackaday: the Current Project State

It has been quite a while since we updated our readers with the current state of the Mooltipass, the offline password keeper project developed by the Hackaday staff and community.

A few weeks ago we presented the designs that our mechanical contributors had come up with. We organized a poll to get a feeling for what the favorite designs may be, and around one thousand people expressed their opinions. The first three favorite designs with their corresponding votes were:

As we don’t want to put all our eggs in the same basket, most of our mechanical contributors are still continuing to work on the popular designs. Their current task concerns the electronics integration inside the different cases.

In the meantime, several prototypes were hand-soldered and shipped to the firmware developers located all over the world.

Three to fourteen days later, they could start working on the firmware tasks they had picked. Luckily enough, no platforms were harmed during transport, though my 8-year-old AVRISP recently died. Several ground rules were strictly established in order to get a good cooperation going. At the moment, we’re quite happy using Google Groups and Trello to discuss and keep track of the development process.

Things are therefore progressing smoothly. We hope to launch other PCB versions (made for the designs) into production in +/- one month and later ship the assembled prototypes to selected beta testers. That’s an optimistic guess of course! If you’re interested in more constant updates or want to reach the development team, you may join the Mooltipass Google Group.

I’ve heard rumors that paper, pencil and steganography were developed some centuries ago and people used to trust it more than the rather volatile EEPROM inside an AVR.

Furthermore everyone would be better off carrying their public RSA keys with them instead of this toy and using PGP everywhere. Would make NSA’s work a lot harder.
And if once in the future the day comes and I can’t remember my passwords or decipher them on my paper backup, I’d rather reach for my gun instead of that thing, because life with Alzheimer’s disease is miserable.

Among other things, the Mooltipass is tempting me to pursue a second degree in electronics engineering – mostly because I would love to be able to grab one in beta, although I currently have no clue what to do with it, apart from following steps on a wiki page.

I still don’t understand why people are surprised that their online communications are being monitored…. Everything you do on the web you should approach as if it were public knowledge…. nothing is truly secure… If the information is not physically in your control, well then someone somewhere can get to it without you knowing.

Liked that you (Mathieu and the Google group) are taking into account Java on SIM card vulnerabilities for this. That you’re shipping the product around the world to develop it is very cool too. Good work.

The only way to circumvent this kind of attack would be to perform mooltipass to website encryption, which would require us to make partnerships with them directly.
The mooltipass goal is to reduce to a strict minimum the number of attack vectors.

I’d be the first to add the skull n’ wrench compatible logo to my website!

I realize your intent though, by me asking if “that [was] not a concern with this device” I was intending to figure out if this was trying to address that problem or not. Certainly though as you put it, it is out of the scope of a key holding device.

Thanks for your response, I’ve been following this project as it has all of my interests in a single package. Each step this project has really shown what a great device can come out of a community like this,